Re: CVE-2015-2291 Intel Network Adapter Diagnostic Driver IOCTL DoS

JLang10 · ‎03-24-2016

A vulnerability in iqvw32.sys and iqvw64e.sys drivers has been discovered in the Intel Network Adapter Driver. Intel Network Adapter Diagnostic Driver is prone to multiple local buffer-overflow vulnerabilities.

An attacker can exploit these issues to crash the affected application; denying service to legitimate users. Due to the nature of this issue, code-execution may be possible but this has not been confirmed.

Note: This issue was previously titled 'Intel Network Adapter Diagnostic Driver CVE-2015-2291 Multiple Remote Code Execution Vulnerabilities'. The title and technical details have been changed to better reflect the underlying component affected.

When will a vendor-supplied patch be available?

Joel

Allan_J_Intel1 · ‎03-25-2016

I have moved your post to our Networking department

Allan.

st4 · ‎03-27-2016

Hi langejoel,

Thank you for bringing this matter to our attention. We will need to check on this.

rgds,

wb

JLang10 · ‎04-11-2016

wb,

Any news about how to remediate this vulnerability? Thank you for looking into this.

Joel

Mark_H_Intel · ‎04-12-2016

Intel released an update to mitigate this issue in June 2015. More information can be found here: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00051&languageid=en-fr https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00051&languageid=en-fr

Mark

JLang10 · ‎04-13-2016

Thank you Mark, I will have our patch group test this solution out hopefully soon. When we see resolution I will post to the site and mark your solution as the Answer.

Thank you for responding to my second inquiry so soon.

jL

idata · ‎11-08-2016

That download will not work on my HP servers.

Any other ideas/suggestions?

I have the latest and greatest NIC driver and firmware installed but still getting flagged with this vulnerability.